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DETAILED ACTION 

Acknowledgements 

1 . Applicants' amendments to the claims and specification, received on 3 March 2008 have 
been entered. 

2. Accordingly, claims 1-36 are pending. 

3. The Examiner has referenced three press releases regarding the same product. These 
press releases (From Panda Security Internacional; dated Jan. 17, 2001; Nov. 15, 2001; and Nov. 
26, 2002) all reference a single embodiment ("Panda ActiveScan" 4.0), but when cited, the 
Examiner has referred to them chronologically as "Release 1," "Release 2," and "Release 3." 
(MPEP 2131.01) 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over Panda 
ActiveScan in view of Dent (6,31 1,171). 



6. 



As to claims 1, 13, and 22; Panda ActiveScan shows: 
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A method of disabling malicious code residing on a customer computer system in 
association with providing on-line financial services to a customer through a 
network, the method comprising: 
presenting to the customer an option to perform a scan of the customer computer 

system for the malicious code (Release 3, Paragraph 7); 
executing, at least in part by activation over the network (Release 3, Paragraph 5) and 
upon receiving from the customer a selection of the option to perform the scan, 
computer program instructions for performing the scan, the computer program 
instructions being directed to detection and disablement of the malicious code 
(Release 3, Paragraph 3); 
Furthermore, Panda ActiveScan shows that the malicious code detection can be 
associated with other on-line services (Release 3, Paragraph 7). 
Panda ActiveScan does not expressly show: 
the other on-line service is financial. 

authenticating the customer for the on-line financial services; 

providing the on-line financial services to the customer. 
Dent shows authenticating a customer through use of public key/private key encryption in order 
to process an online financial transaction (Figure 2). It would have been obvious to one of 
ordinary skill in the art at the time of the invention to have modified the invention Panda 
ActiveScan to reside on the website of a financial institution, because webmasters were invited 
to include the functionality (Panda ActiveScan; Release 3, Paragraph 7) and security at a 
financial institution is a major concern. 
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7. As to claim 2, 14, and 23; Panda ActiveScan further shows: 

the executing of the computer program instructions further comprises downloading 
the computer program instructions to the customer computer system (Release 1 , 
Paragraphs 8-10). 

8. As to claim 3,15, and 24; Panda ActiveScan further shows: 

the executing of the computer program instructions is accomplished at least in part 
through the use of an ActiveX control (Release 1, Paragraph 7). 

9. As to claim 4, 16, and 25; Panda ActiveScan further shows: 

the computer program instructions are operable to perform signature-based detection 
of the malicious code (Release 2, Paragraph 7). 

10. As to claim 5, 17, and 26; Dent, in the combination above, shows: 

the computer program instructions are operable to perform integrity checking 
(Through keys, as mentioned; Figure 2). 

11. As to claim 6, 18, and 27 Panda ActiveScan further shows: 

the computer program instructions are operable to perform non-integrity-based 
unknown malicious code detection (Heuristic scan engine; Release 3, Paragraph 
2). 
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12. As to claim 7, 19, and 28; Panda ActiveScan further shows: 

the computer program instructions are operable to perform signature-based detection 
of the malicious code (Release 2, Paragraph 7). 



13. As to claim 8, 20, and 29; Dent, in the combination above, shows: 

the computer program instructions are operable to perform integrity checking 
(Through keys, as mentioned; Figure 2). 



14. As to claim 9, 21, and 30; Panda ActiveScan further shows: 

the computer program instructions are operable to perform non-integrity-based 
unknown malicious code detection (Heuristic scan engine; Release 3, Paragraph 
2). 



15. As to claim 10, Panda ActiveScan shows: 

Apparatus for disabling malicious code residing on a customer computer system in 
association with providing on-line financial services to a customer through a 
network, the apparatus comprising: 

means for executing, at least in part by activation over the network (Release 3, 
Paragraph 5), computer program instructions for performing a scan for the 
malicious code, the computer program instructions being directed to detection and 
disablement of the malicious code (Release 3, Paragraph 3); 
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Panda ActiveScan does not expressly show: 

means for authenticating the customer for the on-line financial services; 
means for providing the on-line financial services to the customer. 
Dent shows authenticating a customer through use of public key/private key encryption in 
order to process an online financial transaction (Figure 2). It would have been obvious to one of 
ordinary skill in the art at the time of the invention to have modified the invention Panda 
ActiveScan to reside on the website of a financial institution, because webmasters were invited 
to include the functionality (Panda ActiveScan; Release 3, Paragraph 7) and security at a 
financial institution is a major concern. 

16. As to claim 1 1 , Panda ActiveScan further shows: 

the means for executing the computer program instructions further comprises means 
for downloading the computer program instructions to the customer computer 
system (Release 1, Paragraphs 8-10). 

17. As to claim 12, Panda ActiveScan further shows: 

the means for executing the computer program instructions further comprises an 
ActiveX control (Release 1, Paragraph 7). 

18. While treated together and the method limitations directly addressed, it is recognized that 
claims 13-21 are to the software and 22-30 are to the system. The software instructions claimed 
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would cause a computer to perform the noted method if they were caused to execute. Also, the 
system claimed would also need to be present to perform the associated method. 

19. Claims 31-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over Panda 
ActiveScan and Dent as applied to claims 1, 3, 10, 13, 15, and 22 above, and further in view of 
Applicants' Admitted Prior Art. 

20. For each claim (31-36), all of the elements of the parent claim have been shown by Panda 
ActiveScan and Dent above. 

Panda ActiveScan and Dent do not expressly show: 

the executing of the computer program instructions for performing the scan further 
comprises making reference to a database of code that the customer has 
previously identified as safe. 
However, Applicants show in paragraph [0019] of their specification that this is part of a 
known method of scanning performed by Norton TM Anti-virus. 

As multiple methods of scanning for viruses were known at the time of the invention, 
selecting any one of them would have been obvious to one of ordinary skill in the art at the time 
of the invention because it would simply be the implementation of a known procedure to produce 
a known result. Moreover, the use of "inoculation," as termed by Symantec Corp. (Specification, 
paragraph [0019]), would have been a preferred choice because it provides for faster subsequent 
scans because only the fingerprint is scanned to provide a reasonable level of assurance that the 
content is still safe. 
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DEFINITIONS 

To the extent that the Examiner's interpretations are in dispute with Applicants' interpretations, 
the Examiner hereby adopts the following definitions — under the broadest reasonable 
interpretation standard — in all his claim interpretations. Moreover, while the following list is 
provided in accordance with/ii re Morris 127 F.3d 1056, 44 USPQ2d 1029 (Fed. Cir. 1997), the 
definitions are a guide to claim terminology since claim terms must be interpreted in context of 
the surrounding claim language. Finally, the following list is not intended to be exhaustive in 
any way: 

Associate, "to combine or join with other parts" Webster's Ninth New Collegiate 
Dictionary. 1986, Merriam- Webster Inc. 

Response to Arguments 

Applicant's arguments filed 3 March 2008 have been fully considered but they are not 
persuasive. 

Applicants argue : 

Claim 22 as originally filed, as well as claims 1,10 and 13 as amended, all recite the 
detection and/or disablement of malicious code on a customer computer "in association with.., 
providing the on-line financial services." The detection of malicious code in association with the 
provision of on-line financial services allows a financial institution to extend its security 
perimeter around a customer when the customer is performing on-line transactions. 
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Examiner's response : 

The Examiner agrees that the claims recite that the detection and/or disablement of 
malicious code on a customer computer in association with on-line financial services. However, 
the claims do not recite Applicants' argued interpretation. Applicants have not provided an 
express definition of association, therefore the Examiner has relied upon a definition known in 
the art (associate, see Definitions above) when interpreting these claims. In view of the 
definition provided, clearly the virus scan and financial transactions are joined by being on the 
same website. If Applicants desire the above stated interpretation, they are encouraged to 
include claim language discussing, for example, the security perimeter, to the extent it is 
supported by the specification. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Because this application is now final, Applicant(s) are reminded of the USPTO's after 
final practice as discussed in MPEP §714.12 and §714.13 and that entry of amendments after 
final is not a matter of right. Furthermore, suggestions or examples of claim language provided 
by the Examiner are just that — suggestions or examples — and do not constitute a formal 
requirement mandated by the Examiner. Unless stated otherwise by an express indication that a 
claim is "allowed," exemplary claim language provided by the Examiner to overcome a 
particular rejection or to change claim interpretation has not been addressed with respect to other 
aspects of patentability {e.g. § 101 patentable subject matter, §112 1 st paragraph written 
description and enablement, §1 12 2 nd paragraph indefiniteness, and §102 and §103 prior art). 
Therefore, any claim amendment submitted under 37 C.F.R. §1.116 that incorporates an 
Examiner suggestion or example or simply changes claim interpretation will nevertheless require 
further consideration and/or search and a patentability determination as noted above. 

Any inquiry concerning this communication or earlier communications from the 
Examiner should be directed to JOSHUA MURDOUGH whose telephone number is (571)270- 
3270. The Examiner can normally be reached on Monday - Thursday, 7:00 a.m. - 5:00 p.m. 

If attempts to reach the Examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on (571) 272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

J. M. 

Examiner, Art Unit 3621 

/ANDREW J. FISCHER/ 

Supervisory Patent Examiner, Art Unit 3621 



